luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Clarify the disable_mlock option

This commit is contained in:
Sheldon Hearn 2015-05-28 12:40:56 +02:00
parent daa5b9c1b5
commit 71c462b3b2
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
website/source/docs/config/index.html.md
View File

@ -39,7 +39,7 @@ to specify where the configuration is.
* `disable_mlock` (optional) - A boolean. If true, this will disable the * `disable_mlock` (optional) - A boolean. If true, this will disable the
server from executing the `mlock` syscall to prevent memory from being server from executing the `mlock` syscall to prevent memory from being
swapped to disk. This is not recommended. swapped to disk. This is not recommended in production (see below).
* `statsite_addr` (optional) - An address to a [Statsite](https://github.com/armon/statsite) * `statsite_addr` (optional) - An address to a [Statsite](https://github.com/armon/statsite)
instances for metrics. This is highly recommended for production usage. instances for metrics. This is highly recommended for production usage.
@ -47,6 +47,16 @@ to specify where the configuration is.
* `statsd_addr` (optional) - This is the same as `statsite_addr` but * `statsd_addr` (optional) - This is the same as `statsite_addr` but
for StatsD. for StatsD.
In production, you should only consider setting the `disable_mlock` option
on Linux systems that only use encrypted swap or do not use swap at all.
Vault does not currently support memory locking on Mac OS X and Windows
and so the feature is automatically disabled on those platforms. To give
the Vault executable access to the `mlock` syscall on Linux systems:
```shell
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
```
## Backend Reference ## Backend Reference
For the `backend` section, the supported backends are shown below. For the `backend` section, the supported backends are shown below.